According to IBM’s Cost of a Data Breach Report (2020), a data breach now costs a company an average of $3.86 million. Although remote work doesn’t account for the majority of the risks, it does, in fact, increase them.
We have written extensive articles on the importance of cybersecurity in the past so we won’t be going over the basics again. Instead, let’s try to understand the risks involved with what rapidly becomes the norm in many companies – remote access.
Remote Work Vulnerabilities
Insecure and Unencrypted Connection
The basic element of cybersecurity is the integrity of the network. If it’s not encrypted, hackers can gain access to the information sent between a client (an employee) and a server (a company) by executing various Man-in-the-middle (MITM) attacks to intercept the data.
HTTP Protocol
The most insecure type of network is the one that uses the HTTP protocol. The data is sent in plain text, and anyone who is connected to the same network (e.g. Wi-Fi access point) can ‘sniff’ the packets.The simplest way for a hacker to intercept data this way is to download the program called Wireshark and start recording network activity. Allwebrequests, including the ones with sensitive information and files, will be visible to the attacker – and easily searchable as well.
HTTPS Protocol
HTTPS is an upgrade of the HTTP protocol in a way that it is encrypted. But even if your corporate server uses HTTPS, it doesn’t mean that the network is impenetrable. An attacker can create a fake Wi-Fi access point using open-source tools such as Apache, Dnsmasq, and Hostapd (to name a few). After a quick set-up and once a client is connected to a fake access point, bad actors can manipulate the connection however they want. For example, when your server sends an encryption key to an employee’s browser to establish an HTTPS connection, it can be intercepted. On the side of the fake access point, an attacker will keep the key to themselves and instead pass the HTTP (unencrypted) data to the user.Because the user’s browser isn’t aware that data should be encrypted (thinking the connection is still HTTP, not HTTPS), it responds by sending unencrypted data, which can be easily read by the attacker. The hacker will then encrypt it and send it to the server, thus convincing the server that the connection is properly secured. The same applies to encrypted data received from the server: because the attacker already has the keys, they can decrypt the data and read it easily.
Unauthorized Access to Resources
Data is the most valuable asset when it comes to security. The less an attacker has access to, the smaller the damage. And the figures aren’t small. According to IBM’s statistics, the cost of a breach can go up by hundreds of thousands of dollars depending on how much sensitive information gets stolen.One of the most common liabilities is the loose remote access control regarding who can access which files and assets. Allowing employees to only access the resources they need seems obvious, yet even major corporations tend to ignore the importance of strict layers of authorization. With each employee that has the ability to see sensitive information, the chance of it being stolen increases. For bigger businesses, one mistake can open up critical data to hundreds of workers. Finding a way in is just a matter of time for hackers.
VPN
One of our previous blogs covered how insecure networks can fall prey to attackers, but even VPNs are not bullet-proof. Apart from the obvious human error vectors that allow unrestricted access to VPN authorization endpoints, there are multiple ways of stealing user credentials. In turn, that grants an attacker easy access to exposed resources, of which there can be plenty.Recently, hackers have been focusing on insecure third-party servers to obtain TLS certificates (which can lead to hijacking user sessions). They also exploited known vulnerabilities in VPN systems. One example is the Pulse Secure VPN’s CVE-2019-11510 vulnerability, which makes it possible to gain privileged access to the server’s file system by making a specific HTTP request.
Phishing
Methods to obtain credentials have evolved, but social engineering attacks are all the same at their core. Hackers impersonate a person or a company and convince an employee to provide their credentials. Unfortunately, that simple scheme has been working for decades.Email phishing is still prevalent among hackers, but voice phishing has been rapidly growing into a major security threat as well. The former focuses on sending out a fake email that either contains an attachment with malicious code (basically a virus) or, most commonly, urges gullible employees to enter their authentication credentials into a fake page that looks exactly like the real one – just with a different URL.Voice phishing involves several attackers, one of whom calls an employee and impersonates an IT-person from the company while the other quickly uses obtained credentials to log in to the system and potentially create a backdoor that allows them to return in the future. Attackers either direct the victim to a fake web page or simply obtain credentials and two-factor authentication codes via phone.
Keyloggers & Viruses
When a computer is used with no knowledge of basic internet safety practices, the risk of injecting malicious programs into a system is very high. That risk multiplies with the number of people using it. It only takes one unlucky download to compromise the system – and with that, user credentials.Keylogger is a software that captures each keyboard click and sends activity data to a remote attacker, and it’s a popular method of stealing sensitive data. Other malicious programs include software that creates screenshots of a working environment with a set interval, scripts that hijack certain commands or modify them, background programs that gather user data, and so on.There is a myriad of ways to steal user credentials and get into the corporate system. The least a business can do is minimize the impact of a breach by limiting available resources to the bare minimum for each employee.
How Cloudbric’s Remote Access Solution Addresses Security Problems
The core threats associated with remote work have to do with user authentication, network security, and malicious hacking activity. Web-based threats are dealt with by Cloudbric Remote Access Solutions’ Traffic Monitoring layer. It inspects all traffic and scans it for the most common exploits. If an attacker tries to inject a script into the system or run a DDoS attack to flood the network with fake requests, the Traffic Monitoring layer will prevent such attacks. Two-factor authentication is used for user authentication, but even if the credentials are somehow stolen, Cloudbric will block the attacks because the system monitors the network for unauthorized access from different IP addresses and evaluates all connections based on different criteria. Cloud infrastructure allows for easy access through an encrypted network that combines all the privileges of a VPN with a hassle-free experience. Combined with Cloudbric’s traffic monitoring mechanisms, the remote access system ensures the safety of data and the privacy of connection. Learn more: www.cloudbric.com/cloudbric-ras.